Search Postgresql Archives

Re: pg_audit to mask literal sql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 10/30/2017 03:35 PM, John R Pierce wrote:
On 10/30/2017 10:55 AM, rakeshkumar464 wrote:
Is there a way in pgaudit to mask literal sqls like the below:

insert into table (col1,col2) values(1,2)
select * from table where col1 = 1

These sqls are typed by our QA folks using pgadmin. pgaudit records this
verbatim which runs afoul of our HIPAA requirement. Prepared statements are
not an issue since pgaudit provides a way to suppress values.

if you have a HIPAA requirement that says 'dont run manual sql statements', then, well, DONT.

why are QA folks making changes on production databases, anyways? thats not within their domain. QA should be working on development or staging databases.



I suspect the QA types are testing against production and using/seeing real names, etc with queries which create /transitory/ tables. I wonder if the QA folks have been HIPAA certified? Probable better to get them redacted data for testing.


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux